Hello Michael,
thanks for the reply.
I'll check this conf.
Just another question, can I use as openssl_engine the PKCS#11 engine, provided that I patched the openssl package with the PKCS#11 patch, in order to download automatically the cert on the smartcard?
If yes, what are the args for the:
1) hsm_utility 2) hsm_slot 3) appid
Is it possible, or do I have to do some preparation before?
Good question. Ok there are some more aspects in your question.
1. The PKCS#11 engine from OpenSSL is from Bull and there is some ongoing work to support more PKCS#11 features. The reason is simple. OpenSC likes to use this PKCS#11 driver but it was designed for accelerators only (keys will be only loaded not stored or protected).
2. OpenSC 0.8.0 comes with a new engine for OpenSSL but I didn't test it until now.
3. I don't know the necessary options for OpenSC. hsm_utility etc. were for Luna CA. If you want to use client certificates then you can use a web browser. If you want to use a smartcard as HSM then you have to wait until we have a token module ready for OpenSC. If you think about a batch processor to issue smartcards then OpenSC and OpenSSL PKCS#11 looks like the right way but we never had a chance to test this. (It would be much easier to answer if you describe more exactly what you want to do.)
I want to start this or the next week to test the engine integration with OpenSC's 0.8.0 engine for OpenSSL and with its PKCS#11 interface for Mozilla. The problem is that I want to do this with a Cryptoflex but Schlumberger Germany is not really competent. We asked them more than twice for cards last year and offered to pay for the cards but they always have a good answer why they cannot deliver the cards (we are so patient with them because the cards can be used for Win 2000 Smartcard login via Citrix Terminalservers).
Now OpenSC supports Gemplus GPK too and Gemplus works hard on the Citrix support. So perhaps I know more next week. Nevertheless we started a new try to get the Cryptoflex cards directly from scmegastore.com but the first test cards for OpenSC and OpenCA are now some GPK 8K.
Best regards
Michael
--
Michael Bell
ZE Computer- und Medienservice (Computing Centre)
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin
Germany
Email: [EMAIL PROTECTED]
Email (private): [EMAIL PROTECTED]
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
http://www.openca.org
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
